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Section A — Adminisiruiiun 

1. Purpose- This pamphlet gives OPSEC officers 
a basis on which they can builJ an effective 
OPSEC program. The contents have been, in part, 
compiled from various DOD source*. The authors 
have attempted to cover all phases of the OPSEC 
program, from initial orientation to conducting an 
OPSEC survey. The pamphlet is genera/ by 
design. OPSEC officers are encouraged to add to 
this pamphlet tojit their command needs. 

2. Definition. Operations Security (OPSEC) is the 
process of denying adversaries information about 
friendly capabilities and intentions by identifying, 
controlling, and protecting indicators associated 
with planning and conducting military operations 
and other activities (AFR 55-30). OPSEC applies 
to all levels and should be emphasized from the 
highest echelon down to the lowest shop and of- 
fice level within a command. Essentially, OPSEC 
has two objectives: protecting friendly operations 
and degrading an adversary's war fighting capa- 
bilities through denial of critical information nec- 
essary for planning and decision making. 

3. Responsibilities: 

a. General Responsibilities. OPSEC policy, 
concepts, and standards are provided in JCS Pub- 
lication 18. AFR 55-30 establishes the Air Force 
OPSEC program. The office of primary responsi- 
bility (OPR) for OPSEC at HQ USAF is the Dep- 
uty Chief of Staff, Plans and Operations, through 
the Directorate of Electronic Combat (HQ 
USAF/XOE). Each MAJCOM has a full-time 
OPSEC officer. SOAs and DRUs have either a 
full-time OPSEC officer or a designated OPSEC 
OPR. 

b. Commanders' Responsibilities. Command- 
ers have overall responsibility for OPSEC within 
their command. They are responsible for develop- 
ing and implementing policy, instructions, and 
training necessary to maintain an effective unit 
OPSEC program. Specific responsibilities include: 

(1) Defining which elements of the unit mis- 
sion are considered critical, the compromise of 
which could jeopardize the unit's capability to 
perform its mission. 

(2) Identifying those sensitive mission areas 
requiring protection from public exposure or hos- 
tile exploitation. 

(3) Taking protective measures necessary to 
prevent disclosure of sensitive information. 

(4) Establishing and maintaining an OPSEC 
education program to increase, at all levels of 



command, knowledge of the dangers from enemy 
foreknowledge of friendly operations. 

(5) Assessing the unit's OPSEC posture. 

(6) Establishing an OPSEC board or working 
group as required. 

(7) Submitting an annual OPSEC report (see 
attachment 1). 

c. OPSEC Officers' Responsibilities. OPSEC 
officers act as the commander's authority for 
implementing and maintaining the unit OPSEC 
program. For operational units, it is recom- 
mended that an OPSEC point of contact (POC) be 
designated at wing level or equivalent to manage 
the overall program and documentation. At sub- 
ordinate units, it is recommended that a POC be 
designated for unit OPSEC application day-to- 
day airborne tactics and planning vice OPSEC 
program management and documentation. 
OPSEC Officers are responsible for: 

(1) Ensuring the OPSEC has been included in 
all unit plans, operations orders (OPORD), opera- 
tion plans (OPLAN), exercises, and daily opera- 
tional activities. 

(2) Ensuring that essential elements of 
friendry information (EEFI) are properly devel- 
oped, ranked by priority, and kept current. 

(3) Assembling, evaluating, and disseminat- 
ing threat information. 

(4) Evaluating previously identified OSPEC 
weaknesses in light of current thceat information 
or exploitable conditions to determine vulnerabil- 
ity. 

(5) Making recommendations to the com- 
mander for correcting noted deficiencies. 

(6) Preparing, maintaining, and presenting 
OPSEC educational material to all unit personnel. 

(7) Ensuring that OPSEC board agendas are 
prepared and board minutes are distributed. 

d. Individual Responsibilities. Individuals are 
responsible for complying with established secu- 
rity practices for protecting classified, unclassi- 
fied, and sensitive information which they have 
been exposed to. All personnel should: 

(1) Be aware of the threat. 

(2) Know local EEFI. 

(3) Ensure co-workers are aware of threats 
and EEFI. 

(4) Know where to obtain OPSEC guidance, 
such as regulations and pamphlets. 

4. Organizing: 
a. Regulations and OPSEC Officer Guides: 
(I) The OPSEC officer should be thoroughly 
familiar with the various regulations and guides 
which define OPSEC policy and concepts and 



AFP 55-36 9 July 1985 



should have copies available as reference material. 
These documents may be ordered through normal 
unit PDO channels. 

(2) The regulations and guides that each 
OPSEC officer should have arc: 

(a) JCS Publication 18. Operations Secu- 
rity. 

(b) AFR 55-30, Operations Security. 

(c) Command supplement to AFR 55-30 
(if published). 

(d) Unit supplement as applicable. 

(e) JCS OPSEC Survey Planning Guide 
(J3M-947-83). 

(0 Air Force OPSEC Pamphlet. 

(g) The Intelligence Threat: A Handbook 
for OPSEC Officers. AFOSI. December 1982 (ob- 
tained through local AFOSI detachments). 

(h) MAJCOM OPSEC Guide or Hand- 
book as applicable. 

(i) JCS Joint Operational Planning System 
(JOPS), Volume I and II, Annex L. 

(j) AFR 50-1, Ancillary Training Pro- 
gram. 

(k) AFR 28-3, USAF Operation Planning 
Process. 

b. OPSEC File. The OPSEC file is the refer- 
ence for the current status of the unit OPSEC pro- 
gram and future actions. The OPSEC file should 
be used as the basis for compiling the unit annual 
OPSEC report. The file should contain the fol- 
lowing information: 

(1) List of OPSEC briefings, films, video 
tapes, and visual aids on hand, dates given, and to 
whom. 

(2) Recurring OPSEC threat information 
(for example, weekly OPSEC threat highlights). 

(3) Requested OPSEC threat information 
(see AFR 55-30). 

(4) Names of points-of-contact (POC) and 
telephone numbers. This list should include, but is 
not limited to: 

(a) Parent and host organization and high- 
er headquarters OPSEC officers. 

(b) Subordinate or lateral OPSEC officer. 

(c) Local AFOSI representative. 

(d) Tactical deception officers. 

(e) Unit planners. 

(0 DCS intelligence (IN) POC. 

(g) OPSEC board working group mem- 
bers. 

(h) Other unit security program managers 
(for example, automatic data processing ((ADP» 
information security). 

(5) Unit OPSEC board or working group 
minutes. 



(6) Master copies of OPSEC education pack- 
ages distributed for reading. 

(7) Documentation of educational materials 
provided. 

(8) EEFI lists. 

(9) Management -Effectiveness Inspection 
(MEI), Operational Readiness Inspection (ORI), 
or Inspector General (IG) inspection items per- 
taining to the unit OPSEC function, including in- 
spection reports from other units, and corrective 
actions taken. 

(10) OPSEC survey reports. 

(11) Future plans. 

(12) List of documents (such as plans, 
OPORDS, and concepts of operations) reviewed 
for OPSEC consideration, date last reviewed, and 
next review date. 

(13) Lessons learned. 

(14) Copies of correspondence and reference 
material. 

(15) Annual OPSEC report (suggest 2-year 
retention for trend analysis). 

NOTE: The above list is not meant to be all inclu- 
sive. For quick reference, some commanders or 
units use a continuity folder which contains some 
of the above information. 

c. Visibility. To be effective, an OPSEC officer 
should be known throughout the unit. Persons 
having questions concerning OPSEC should know 
whom to contact. The OPSEC officer should visit 
working sections frequently to keep abreast of 
changes which may affect the OPSEC posture of 
the unit and determine the OPSEC awareness level 
of individuals through personal contact. These 
visits afford some degree of visibility. Addition- 
ally, posters should be displayed throughout the 
unit identifying the OPSEC officer and how to 
contact him or her. 

d. OPSEC Board and Working Group. These 
are the two bodies that combine the power to im- 
plement OPSEC at the working level. 

(1 ) Purpose of the OPSEC Board. The board 
assists in developing OPSEC policy and in manag- 
ing supporting OPSEC programs. The OPSEC 
board provides a forum for addressing OPSEC 
matters and for sending recommendations to the 
commander. 

(2) OPSEC Board Responsibilities. The 
OPSEC board: 

(a) Reviews, coordinates, and recommends 
OPSEC policy and programs. 

(b) Reviews, coordinates, and recom- 
mends OPSEC objectives. 

(c) Reviews OPSEC posture and recom- 
mends changes to programs. 
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(d) Recommends subject lor OPSEC sur- 
veys and survey team composition. 

(e) Assigns tasks to OPSEC board mem- 
bers and the OPSEC working group to make sure 
activities are completed. 

(3) OPSEC Board Meeting. The OPSEC 
board meets at the direction o( the chair. OPSEC 
Board members may request the chair to convene 
special meetings as needed. 

(4) OPSEC Board Composition: 

(a) The commander or a designated repre- 
sentative serves as the OPSEC board chair. The 
OPSEC officer serves as the OPSEC advisor to 
the board. 

(b) Each deputy commander or organiza- 
tional equivalent should be a board member; small 
units should assign the next level of- command be- 
low the commander by functional area. 

(c) Functional area managers should desig- 
nate one primary and one alternate member to the 
OPSEC board. 

/. They should provide in writing, to the 
OPSEC officer, the names of primary and alter- 
nate representatives, and their replacements when 
changes occur. 

2. Alternates may attend board meetings 
with primary representatives. Advisors may attend 
at the invitation of the representative, provided 
suitable notice is given to the OPSEC officer. 

3. Offices not permanently represented 
on the OPSEC board may send representatives to 
discuss specific issues, either at the request of, or 
by request to, the board chair. 

(5) The Chair's Responsibilities. The chair: 

(a) If not the commander, reports to the 
commander on OPSEC board actions and recom- 
mendations. 

(b) Schedules and presides over OPSEC 
board meetings. 

(c) Requests briefings on specific matters 
of OPSEC concern from the proper organization 
or agency. 

(d) Establishes working groups and sub- 
committees, when necessary, to meet OPSEC 
board responsibilities. 

(6) OPSEC Working Group. The OPSEC 
working group, composed of action-officer-level 
POCs from organizations represented on the 
OPSEC board, supports the activities of the 
OPSEC board. 

(a) The OPSEC officer serves as the Chair 
of the OPSEC Working group. 

(b) The composition of the OPSEC work- 
ing group may vary (depending on specific 
OPSEC matters under consideration). A grade or 



rank limitation should not be imposed on the 
membership in this group. 

(c) OPSEC working group functions in- 
clude, but are not limited to: 

/. Performing tasks as assigned by the 
OPSEC board. 

2. Developing, recommending, and co- 
ordinating agenda items for the OPSEC board 
chair's approval. 

3. Reviewing and coordinating on 
OPSEC program directives and initiatives. 

(d) The OPSEC working group meets at 
the call of the board chair or the OPSEC officer. 

5. Education: 

a. For operations security to be effective, all 
personnel should understand the concept of 
OPSEC and apply that knowledge and awareness 
when performing assigned tasks. OPSEC training 
programs, to be meaningful over the long term, 
should be related to the jobs assigned. Case stud- 
ies and lessons learned should be used to illustrate 
OPSEC objectives and requirements. The content 
of materia! presented should be selected to answer 
three primary questions the audience is likely to 
ask: 

(1) Why is OPSEC important to my organ- 
ization? 

(2) Why is OPSEC important to me? 

(3) How can I contribute to OPSEC? 

b. OPSEC educational materials are developed 
from many sources. All service components pro- 
duce training aids that are generic to their service; 
all stress the need for OPSEC awareness. In the 
Air Force, HQ ESC provides OPSEC training ma- 
terials. Individual OPSEC officers should aug- 
ment materials with their own unique ideas spe- 
cific to their organization. They may also send rec- 
ommendations through channels to HQ 
ESC/DOOO, San Antonio TX 78243, for possible 
Air Force-wide dissemination. 

c. OPSEC training materials should receive 
the widest distribution. To accomplish this, the 
OPSEC officer should set up procedures to ensure 
that copies of training aids received are available 
to unit personnel. OPSEC officers should ensure 
that higher headquarters know their needs. A 
feedback system (IG, staff assistance visits, and 
annual unit status reports) ensures that materials 
are being properly used. 

d. The following are sources of educational 
materials: 

(1) Briefings and Films. Briefings from HQ 
ESC sources are sent to the MAJCOM OPSEC 
OFFICER. Films are ordered through normal 
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audio visual channels. 

(2) OPSEC Updates. Prepared by HQ ESC, 
these packages contain threat information, sam- 
ples of briefings, and open source articles that em- 
phasize different security disciplines. They are dis- 
tributed several times a year to command OPSEC 
officers. Reproduction is authorized. 

(3) Posters. Ideas are developed by HQ ESC 
or reproduced from other sources. Posters can be 
ordered through Air Force PDO channels. 

e. According to AFR 5^-30, the following 
training should be accomplished: 

(1 ) Initial OPSEC awareness training. 

(2) Sustained OPSEC awareness training. 

(3) Specialized training for operations plan- 
ning. 

f. Annual training reports are submitted ac- 
cording to AFR 50-1. 

Section B— Relationships 

6. Relationship to Other Security Programs. 

OPSEC encompasses aspects of other security 
programs. However, it should not be regarded as a 
managing tool for those programs; rather it inte- 
grates their effects and identifies disclosure prob- 
lem. It focuses on all means of information flow 
and disclosure, whether or not it falls under a des- 
ignated security program. 

7, Relationship to Planners: 

a. OPSEC officers at all levels of command 
should ensure that OPSEC measures are consid- 
ered during the planning process. 

b. Under AFR 55-30, OPSEC officers are to 
assist planners in identifying EEFI, associated 
OPSEC indicators, and protective measures for 
inclusion in any military activity, function, or 
event that requires the protection of information 
to deny a potential enemy either a tactical or 
strategic advantage. 

c. OPSEC officers should become familiar with 
the planning process. AFR 28-3, USAF Operation 
Planning Process, Annex L, Appendices I and 2, 
specify those steps necessary to drafting an 
OPSEC annex to plans. 

d. The OPSEC officer should encourage plan- 
ners to develop new concepts, procedures, actions, 
and OPSEC initiatives to overcome OPSEC vul- 
nerabilities. Planners should be educated to un- 
derstand the importance of OPSEC. Planners 
should take a new look at OPSEC and understand 
that OPSEC needs to be included in all aspects of 
the plan from its inception and continually 
evaluated until the activity is completed. 



8. Relationship to Tactical Deception Officer 
(TDO): 

a. OPSEC officers and TDOs. when assigned, 
should establish a close working relationship to 
ensure that commanders are afforded the full 
range of coordinated OPSEC and deception to 
support operational planning. 

b. Tactical deception can be defined as those 
measures designed to mislead the enemy by 
manipulation, distortion, or falsification of evi- 
dence to induce him to react in a manner prejudi- 
cial to his interests. Cn contrast, OPSEC is ori- 
ented towards suppressing or denying the real in- 
dicators to the enemy. The two programs are, 
therefore, complementary and OPSEC should be 
applied to all phases of the deception planning 
process. 

c. OPSEC officers will find it beneficial to en- 
list the assistance of a TDO when correcting a 
weakness or hiding indicators of an impending op- 
eration or activity. The TDO may be able to devise 
a tactical deception scheme to cover the weakness 
or manipulate indicators so as to show something 
other than the real operation. The use of tactical 
deception should be considered early in the 
OPSEC planning process in order to gain full 
benefit. 

Section C— The OPSEC Process 

9. Introduction. OPSEC is a continuous, sys- 
tematic process encompassing security and com- 
mon sense. It can be applied to any program, 
plan, or operation. The basic steps are: 

a. Identifying the operation or activity. 

b. Determining EEFI. 

c. Identifying hostile intelligence threat. 

d. Assessing vulnerabilities. 

e. Developing and using protective measures. 

f. Evaluating protective measures. 

g. Analyzing risk and commander's decisions, 
h. Executing and monitoring operation. 

i. Receiving feedback (lessons learned). 
NOTE: This section provides guidance for the ap- 
plication of this process. When all steps are com- 
pleted, the unit commander should be better able 
to evaluate the level of security provided and what 
EEFI information might compromised. 

10. Operation or Activity. Determining the objec- 
tives of a planned operation or activity to include 
both operational and support mission require- 
ments. 

11. Essential Elements of Friendly Information 
(EEFI): 
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a. EEFI arc critical facts aboui friendly opera- 
tions and activities which, individually or in the 
aggregate, reveal sensitive details about capa- 
bilities or intentions and thus require protection 
from hostile intelligence collection and exploita- 
tion. 

(1) EEFI parallel the key questions about 
friendly operations, capabilities, intentions, or ac- 
tivities likely to be asked by an opposing decision 
maker (the adversary's essential elements of infor- 
mation (EEI)) in competitive situations. Accurate 
EEFI identify those aspects which are critical to 
successful completion of the mission. 

(2) EEFI should not be broad and generic but 
should specifically identify those critical functions 
which, if revealed, would impair or deny mission 
success. As an example of what is meant by broad, 
generic EEFI, assume that a Strategic Air Com- 
mand (SAC) unit has established "Information 
Concerning Exccrcise" as an EEFI. SAC annually 
exercises the strategic force to test conventional 
warfare capabilities in exercise GIANT 
DRAGON. Public announcements of GIANT 
DRAGON are made 30 to 90 days before the exer- 
cise dates. An EEFI states information concerning 
the SAC exercise is an element that needs to be 
protected. The EEFI is obviously not valid as writ- 
ten since Us protection directly conflicts with 
public affairs exercise objectives. A more accurate 
EEFI might be: "dates of exercise GIANT 
DRAGON before official public release." 

(3) The OPSEC officer should be thoroughly 
familiar with the unit's peacetime and wartime 
mission. Without a complete understanding of 
what critical functions the unit is expected to do 
during various periods of readiness, the identifica- 
tion and construction of EEFI and their protec- 
tion is extremely difficult. 

b. Missions statements (both classified and 
unclassified), OPLANS, contingency plans (CON- 
PLANS), and other planning documents tasking 
the unit should be reviewed. The OPSEC officer 
probably will find it very beneficial to organize 
critical unit mission functions under various ma- 
jor headings; for example, peacetime and war- 
time. Once this is accomplished, an analysis of 
these tasks should result in a determination of re- 
sponsible or contributing functional areas (such as 
maintenance, logistics, operations, and adminis- 
trative support). The OPSEC officer should not 
hesitate to contact commanders and functional 
area managers or the OPSEC working group to 
determine the extent of involvement in a particular 
mission phase to establish security objectives and 
begin developing EEFI. The function of EEFI are 



to describe what information needs to be pro- 
tected, and how lung it needs protection. 

c. The OPSEC officer then presents a prelimi- 
nary analysis of critical mission functions to the 
OPSEC board or working group. The OPSEC 
board or working group reviews the analysis and 
presents a final analysis to the commander. 
Following the commander's approval, the board 
or working group directs the construction of EEFI 
by functional area. 

d. Each command, unit, or organization is 
unique and, when preparing. plans, should include 
only those EEFI applying to its operations and ac- 
tivities. Subordinate units should refine EEFI 
listed in higher headquarters plans ind orders and 
establish additional EEFI pertinent to their sup- 
porting plans. 

e. OPSEC offices should provide guidance 
such as why certain information requires protec- 
tion and who is most directly responsible for 
protecting the information. EEFI should be writ- 
ten into a plan as applicable. EEFI are classified 
according to the operation they protect and may 
be classified either as a whole or individually. 

f. The success of an organization's OPSEC 
program essentially rests on developing accurate 
EEFI, using analysis similar to that previously 
mentioned; proper OPSEC planning and employ- 
ment; and the education and awareness program 
directed at unit members. The more specific and 
understandable the EEFI, the easier they are to 
learn and protect. The commander should direct 
principal unit functional areas to identify elements 
critical to mission success. 

g. To further illustrate the concept, a 
functional EEFI listing pertaining to security 
might be as follows: 

(1) Specific access controls and require- 
ments. 

(2) Access lists and specific security meas- 
ures. 

(3) Details of the physical security system. 

(4) Number of alert -team members available. 

(5) Actual response time. 

(6) Details of the intrusion and duress 
response plans. 

(7) TEMPEST control and test results. 

(8) Computer access passwords and phone 
numbers. 

(9) Deficiencies and weakness of items (1) 
through (8) above. 

h. Similar lists for all functional areas ad- 
dressed to specific plans create the basis for unit 
OPSEC education and awareness and create a 
functional guideline for individual unit members. 
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The OPSEC program in its simplest form answers 
these questions: 

(1) What are the questions that the enemy 
might ask about us? (What is sensitive?) 

(2) How susceptible is the information to in- 
telligence collection? (How is the sensitive infor- 
mation revealed?) 

(3) How interested is the enemy, and how 
capable are they at collecting the information? 
(What is the threat?) 

(4) Can we eliminate the •sources of informa- 
tion; and, if not, how can we protect them? 
(Protective measures) 

(5) If we can't eliminate or protect the 
sources of« information (the intelligence indica- 
tors), how can we confuse the enemy's under- 
standing? (Deception) 

i. EEFI need not address plans and programs 
but could be written to protect information con- 
cerning any areas in which an adversary could 
identify an exploitable condition or weakness in 
capabilities, such as: 

(1) Status of training, combat readiness, or 
combat efficiency of units and forces. 

(2) Organizational identities, locations, 
movements, and strengths of specialized units or 
activities. 

(3) Command structure changes that could 
reveal fundamental changes in mission or capabil- 
ity. 

(4) Mission changes that indicate strategy or 
intentions. 

(5) Alteration of an organization's operating 
capabilities. 

(6) Introduction of new equipment or up- 
grade of current equipment. 

(7) Equipment shortages or maintenance 
trends indicating impaired operating efficiency or 
combat readiness. 

(8) Security clearances or special access 
authorizations of individuals related to special 
projects (observation of an individual's 
movements could reveal classified locations). 

(9) Unique personnel, training, or organiza- 
tional requirements relating to operational intent 
or activity. 

(10) Movements of senior personnel. 

(11) Maps and mapping requirements indi- 
cating planned activities or operations. 

(12) Nickname of projects, operations, or 
activities. 

NOTE: This list is not meant to be all inclusive or 
applicable to each organization. It provides a sam- 
ple of subjects normally not considered classified, 
but critical to the activity. 



12. Intelligence Principles. The principles of intel- 
ligence govern what information adversaries col- 
lect and how they use it. To deny, confuse, or dis- 
credit adversary intelligence, we should be fami- 
liar with intelligence principles. 

a. Intelligence perform four basic mis- 
sions: detection, recognition, identification, and 
location. 

(1) Detection raises the enemy's awareness of 
an on-going activity. By conducting broad 
searches of data looking for anything peculiar, un- 
usual, or different, they attempt to detect activity. 

(2) Recognizing intentions evolves from de- 
tecting activity. Actual intentions may remain un- 
known, but decision makers are appraised of op- 
tions they might consider, allowing them to pre- 
pare counter actions. 

(3) Identification, the third mission, identi- 
fies what forces, style (tactics and procedures), 
and technology are to be used. 

(4) Location identifies when and where 
something will happen. 

b. Time is a critical factor in intelligence and se- 
curity. If we deny adversaries intelligence indica- 
tors long enough, they may not be able to establish 
the truth or make a critical decision in time. 

c. The value of intelligence information de- 
pends on its accuracy, timeliness, and reliability. 
Intelligence is a product of collection, integration, 
evaluation, and analysis. Raw data may have in- 
significant value until the intelligence process is 
completed. 

13. Secrecy and Surprise. OPSEC is concerned 
with preserving secrecy and achieving surprise. 
Surprise is basic to all successful military opera- 
tions, both defensive and offensive, and can be the 
most vital element for success in modern war. So 
obvious are the advantages of secrecy and surprise 
that they are the instinctive tools of survival in na- 
ture, by both the hunter and the hunted. In war, 
surprise has provided an overwhelming advantage 
by affecting the enemy's will, causing them to be- 
come confused, disconcerted, and paralyzed. 
Secrecy's ultimate aim is providing an advantage 
in combat. Offensively, secrecy and surprise aim 
to devastate the enemy's ability and will to resist. 
Defensively, secrecy prevents the enemy from 
knowing where or when to act, what forces to use, 
and what actions to take. 

14. Threat: 

a. A detailed explanation of the multidiscipline 
hostile intelligence threat to US military opera- 
tions is contained in the Air Force Office of Spe- 
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cial Investigation (AFOSI) Special Report, The In- 
telligence Threat: A Handbook for OPSEC Offi- 
cers, dated December 1982. The multidiscipline 
threat OPSEC is concerned with is posed by 
human intelligence (HUM! NT), imagery intelli- 
gence (1MINT), and signals intelligence (SIGINT). 

b. To be effective, an OPSEC program should 
be based on the most current intelligence threat 
analysis available. Local AFOSI representatives 
and intelligence personnel should be consulted for 
the threat information you need. Special threat 
analysis services are available from various agen- 
cies as listed in AFR 55-30. The intelligence threat 
should be geared to a specific operation or activ- 
ity. The intelligence threat should be considered in 
every aspect of the OPSEC process. 

c. Personnel participating in exercises or per- 
forming extended temporary duty (TDY) need to 
be aware of the multidiscipline threat for the area 
of deployment or employment. Exercise planners 
should add intelligence threat analysis into the 
planning process. They should ensure that all par- 
ticipating units receive copies of current threat 
information. Arrangements should be made for 
either the host base to provide exercise partici- 
pants with a current threat briefing before they 
depart their home station or personnel should be 
briefed upon arrival. In either case, host base in- 
telligence and/or counterintelligence activities 
should be contacted on arrival for updated local- 
area threat information. 

d. If your unit makes frequent deployments, 
current threat information should be available for 
all deployment locations and all personnel should 
be briefed before departure. EEF1 and protective 
measures should be identified for deployed loca- 
tions as the threat for the deployed location may 
differ significantly, based on local peculiarities. 

15. Assessing OPSEC Vulnerabilities: 

a. OPSEC Indicators. OPSEC indicators are 
items of information, observable events, or pat- 
terns of detectable activity, whether classified or 
unclassified. When properly interpreted, OPSEC 
indicators can provide an adversary an intelligence 
tip-off that an operation or other activity will 
occur or yield insights into underlying classified 
capabilities, system characteristics, doctrine, tac- 
tics, techniques or procedures. OPSEC indicators 
arc clues that can cause EEFI disclosures or result 
in OPSEC vulnerabilities. Vulnerabilities exist if 
there is a hostile intelligence capability to exploit 
them. The indicators listed below are neither a 
complete listing nor do they pertain to every oper- 
ation. They are provided to help OPSEC officers 



and activity planners to identify possible problem 
areas. 

( 1 ) Communications Indicators: 

(a) Change in message volume. 

(b) Nets used. 

(c) Types or numbers of units on each net. 

(d) Prepositioning and testing communica- 
tions equipment. 

(e) Using daily identified or recognized 
message types, characteristics, call signs, and 
reporting times; message externals and situation 
reports (S1TREP) requirements indicative of a 
particular type of activity. 

(0 Receiving unusual Armed Forces 
Courier Service (AflFCOS) shipments, 
(g) Implementing MINIMIZE. 

(2) Operations Indicators: 

(a) Stereotyping: 

/. Fixed schedules and routes. 

2. Standard reactions to hostile acts, 
maneuvers, procedures, and protective support 
packages. 

(b) Making unusual changes in amount or 
type of electromagnetic emissions; for example, 
communications, navigation aids, and radar. 

(c) Using unique emitters. 

(d) Positioning forces. 

(e) Deviating from usual training pro- 
grams. 

(0 Augmenting forces with external assets. 

(3) Intelligence Indicators: 

(a) Intensifying or modifying the use of in- 
telligence-collection resources and warning sys- 
tems. 

(b) Moving special units and equipment. 

(4) Administrative Indicators: 

(a) Issuing unusual types or numbers of 
TDY orders. 

(b) Planning or pre-execution conferences. 

(c) Performing unusual special support 
services, such as transportation, medical care, 
messing, hotel reservations, trash collections, 
laundry, or other recreation activities. 

(d) Posting special aircrew bus, flight, or 
maintenance schedules, and notices to airmen. 

(e) Cancelling or restricting leave. 

(f) Making pyramid recall lists (revealing 
purpose). 

(g) Calling up reserve forces. 

(h) Activating new or contingency facil- 
ities. 

(i) Causing unusual private vehicle traffic 
or parking. 

(5) Logistic and Maintenance Support Indi- 
cators: 
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(a) Increasing volume or priority of requi- 
sitions. 

(b) Prepositioning of equipment. 

(c) Enlarging motorpool activity. 

(d) Increasing test equipment turnover or 
calibration. 

(e) Advertising nonavailability of base 
transportation and billeting. 

(0 Increasing physical security measures 
(such as lights or guards around secure facility). 

b. OPSEC Indicator Identification. OPSEC 
officers should be personally involved in iden- 
tifying those procedures used in their operations 
and activities that make intelligence collection 
easier for hostile forces. OPSEC indicator identi- 
fication by functional specialist and personal ini- 
tiative is a good method. Other means that can be 
used include: 

(1) OPSEC lesson learned. 

(2) Friendly intelligence methods and inter- 
ests. 

(3) Known and postulated hostile intelligence 
capabilities, methods, and interests. 

(4) Common sense assessment of exploitable 
characteristics of the operation or activity. 
NOTE: See AFR 55-30 for additional informa- 
tion. 

c. OPSEC Susceptibilities: An indicator that, 
if exploited, would cause the disclosure of EEF1. 

d. OPSEC Vulnerability Identification. 
OPSEC susceptibilities that are likely to be ex- 
ploited and cause the disclosure of EEFI, due to 
hostile intelligence capabilities, are termed 
OPSEC vulnerabilities (susceptibility x threat = 
vulnerability). Protective methods or actions to 
avoid OPSEC vulnerabilities could be costly to re- 
sources and mission effectiveness. An accurate in- 
telligence threat assessment is essential to single 
out those susceptibilities that contribute to real 
vulnerabilities. 

16. Developing Countermeasures. Countermeas- 
ures depend primarily on the nature of the threat, 
the indicator, and the situation. The requirements 
of the operation and how an indicator relates to 
success or failure of the operation should be con- 
sidered. The OPSEC working group can be used 
to develop recommended countermeasures. Figure 
1 is a guide of sample countermeasures. It identi- 
fies some techniques that could be used, to include 
denial and deception. Once these countermeasures 
are identified and implemented, their success 
should be evaluated. 

17. OPSEC Evaluations. Unit OPSEC posture 



and the effectiveness of countermeasures are eval- 
uated through OPSEC surveys, OPSEC apprais- 
als, OPSEC self-inspections, and mission success, 
a. OPSEC Assessment. This is the process and 
specific methods for measuring the likelihood that 
operations and activities can be effectively con- 
ducted while denying related EEFI to adversary 
intelligence collection. It is a tool for evaluatng the 
effectiveness of OPSEC measures and involves 
identifying the vulnerability of operations to hos- 
tile exploitation in the light of known or estimated 
foreign intelligence threats. OPSEC assessments 
are categorized as either surveys or appraisals. Se- 
lecting the proper OPSEC assessment method 
should take into consideration the purpose and 
objectives of the assessment; the nature of the ac- 
tivity to be assessed; the time-criticality of the 
assessment results and OPSEC measures; and the 
availability of OPSEC assessment resources. 
Broadly stated, the assessment reveals how effec- 
tive the OPSEC program is. There are advantages 
for a unit that conducts self-surveys. They are: 

(1) Unit personnel become aware of OPSEC 
vulnerabilities. 

(2) The OPSEC office becomes aware of the 
unit OPSEC vulnerabilities. 

(3) The 4 OPSEC officer receives valuable on- 
the-job training by studying the unit security envi- 
ronment. 

(4) Problems can be solved within the unit. 

(5) Security programs can be evaluated for 
results rather than compliance. 

b. OPSEC Surveys. OPSEC surveys are 
explained in detail in the Joint Chiefs of Staff 
(JCS) OPSEC Survey Planning Guide. Whether 
the survey is directed by higher authority or from 
within the unit, there are several principles that 
should be adhered to: 

(1) A survey plan should include purpose, 
scope, objectives, and data collection plan. 

(2) The survey subject should be carefully 
analyzed to be manageable and within the re- 
sources of the survey team. 

(3) Surveys are services for the commander 
and should receive full understanding and cooper- 
ation. Surveys are neither inspections nor investi- 
gations but tools used to determine the security ef- 
fectiveness of your unit. The only person hurt by 
survey results is the hostile intelligence collector. 

(4) Team members should instill trust in unit 
personnel to encourage them to cooperate fully 
and volunteer information. Surveys should pro- 
duce results. 

(5) Survey teams consist of a variety of dif- 
ferent specialties. Surveys by outsiders tend to be 
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more objective since they are not influenced by, or 
familiar with, daily unit operations. Every survey 
team member should remain objective. A success- 
ful OPSEC survey requires imagination, coopera- 
tion, and participation. 

c. Conducting the Survey. The survey is an 
analytical tool for examining an operation and 
identifying exploitable sources of intelligence by 
simulating the intelligence-collection process. 
Hostile agents are smart. They know what they are 
after and have developed plans to get it % A survey 
team performs in the same manner. Preparing and 
planning are the most important aspects of the 
survey process. The process involves four phases: 
plan, execute, analyse, and report. 
NOTE: Figure 2 is a quick reference for these 
steps. 



d. Planning. The survey should be planned well 
in advance; normally 3 months is adequate. When 
conducting a survey of your own organization, 
this time can be reduced based on inherent knowl- 
edge of the unit mission. The steps of planning 
include: 

(1) Defining the purpose and scope of the 
survey. The mission to be surveyed and the spe- 
cific threat to the operation should be identified 
(see AFR 55-30 for sources and required lead- 
times). EEFI should be reviewed for accuracy and 
used to prioritize survey objectives. This process 
also establishes survey objectives and determines 
systems or plans to evaluate. 

(2) Identifying support, such as COMSEC 
monitoring and OPSEC survey team members, 
needed from agencies outside your unit's span of 
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Figure 1. Countertneasures. 
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control. Requests for support should be made as 
early as possible in the planning process. See AFR 
55-30 for support sources and leadtime. 

(3) Selecting team members. The team chief 
should be identified. This individual serves as the 
overall manager of the survey effort and does not 
take part in daily collection activity. Team mem- 
bers should be selected based on their knowledge 
in the functional areas to be surveyed and of the 
threat capability. For example, AFOSI expertise 
will be reauired to evaluate the effectiveness of the 
HUMINT threat to mobility readiness plans; 
when communications monitoring is planned, the 
COMSEC Surveillance Mission Supervisor should 
be a designated team member. 

(4) Studying the operation, using plans and 
directives to obtain an indepth understanding. 
Even as a unit member, there may be operational 
relationships with which you are not familiar. 
Meetings should be held to discuss the study find- 
ings and to plan the approach required to accom- 
plish survey objectives. 

(5) Notifying the commander and agencies of 
the survey. Surveys are conducted on an overt ba- 
sis and the notification may include: 

(a) Formal authority to conduct the sur- 



vey. 



ances. 



(b) Survey purpose and scope. 

(c) List of team members and their clear- 



ed) Requested briefings and orientations, 
(e) General time span involved. 
(0 Administrative support and logistics re- 
quirements. 



e. Field Survey. A field survey is the execution 
phase of the survey and involves three steps: 

( 1 ) A r rival and Inbrief: 

(a) The team chief presents the inbrief to 
the commander and key staff. This briefing sets 
the lone for all interaction between team and unit 
members. It stresses that the survey is not an 
inspection but is a cooperative effort to improve 
OPSEC effectivensss. This briefing should be 
informal and include the scope, survey techniques, 
and threat information developed in the planning 
phase. 

(b) A unit briefing is presented to the sur- 
vey team to give an overview of the unit's mission, 
organization, and physical layout. The briefing 
should clear up any questions that team members 
may have ab jut the unit mission. 

(2) The Survey. 

(a) The team should be managed to 
achieve full coverage of the objectives. Team 
members should operate in pairs to allow sharing 
of ideas and reinforcing initiatives. 

(b) Survey continuity is imperative. Team 
members should communicate their daily activities 
to other team members, to prevent duplication of 
effort. To aid this coordination, a meeting should 
be held eachiday of the survey, with all members 
and members of any other technical support teams 
present. Additional meetings may be held at (he 
team chief's discretion. The meeting should be 
held after the day's activities are completed, to 
discuss findings and compare notes. Tentative 
findings are formulated and new areas of study 
developed. The team chief determines if survey 
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Figure 2. Sample OPSEC Survey Plan. 
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objectives are being met and if deviations from the 
data collection plan are required. When all objec- 
tives arc met, the team completes tentative find- 
ings of the survey to be briefed to the unit com- 
mander at the exit brief. 

(c) Methods of data collection are: 
/. Interview—informal, casual. 

2. Observation. 

3. Study of unit directives. 

4. Optional activities: 

a. Simulation of HUMINT threat. 

b. COMSEC monitoring. 

c. Electronic signals analysis, if 
available (such as, TEMPEST) and electronic 
security (ELSEC). 

(d) Duration of the field survey depends 
on the depth of study, complexity of organization, 
and geographic proximity of surveyed facilities. 
Surveys have been conducted with require more 
than 30 days while others have required less than a 
week. The key is knowing the objectives in ad- 
vance and reaching those objectives. The esti- 
mated survey length should be determined during 
the planning phase. 

(3) OPSEC Survey Exit Brief. When the 
survey is completed and initial observation deter- 
mined, the survey team chief should schedule an 
exit brief with the unit commander. This briefing 
is to inform the commander of the major initial 
observations of the survey, make recommenda- 
tions, allow corrective actions to begin, and pro- 
vide feedback for consideration in the final report. 
The exit brief should be held informally with the 
commander and members of the staff, if the com- 
mander desires their attendance. 

(a) The tentative nature of the observa- 
tions should be emphasized; those which appear 
firm could be altered after final review of the data. 

(b) The final report can require some time 
to prepare. It is important that an estimated com- 
pletion date be given to the commander for plan- 
ning and considering report distribution. Typ- 
ically, the report is provided directly to the com- 
mander who approves further distribution. 

f. Example of Final Report Format: 

(1) Overview: 

(a) Historical background. 

(b) Purpose, scope, and objective of the 
survey. 

(c) Conduct of survey. Includes a brief dis- 
cussion of methods used; team composition, de- 
gree of unit disruption, and time of survey. 

(2) Intelligence Threat. Includes data re- 
quested from support agencies. Three types of 
threat should be described: 



(a) S1GINT. 

(b) HUMINT. 

(c) IMINT. 

(3) Summary of Significant Observations: 

(a) Observation. You should describe the 
indicator and associated EFFI which validates the 
indicator as a susceptibility. 

(b) Threat. You should describe the threat, 
as derived from (2)(a), (b), and (c) above, which 
applies to the susceptibility. If no threat applies, 
then any potential threat that might apply in the 
future should be stated. 

(c) Susceptibility or Vulnerability. This is 
determined by applying a threat to the susceptibil- 
ity (threat x susceptibility = vulnerability). This 
section should be used to discuss any conditions 
relating to the observation. For example, assump- 
tions concerning threat or susceptibility and effect 
of EEFI loss on mission. If no threat currently 
applies, then this item remains a susceptibility. 

(d) Recommendation. This should be the 
best corrective action the survey team can devise. 
If no capability currently exists to correct a vulner- 
ability because of technical or regulation require- 
ments, you should ask for assistance from higher 
headquarters. 

NOTE: Observations should be listed by 
functional area. If observations are general and 
affect more than one functional area, they should 
be listed as general observations and be the last 
item under observations. 

g. OPSEC Appraisal. This is a timely OPSEC 
assessment conducted in support of a specific 
operation, activity, or exercise. The appraisal is 
distinguished from the survey by the timeliness re- 
quired for threat and vulnerability analysis and 
the application of OPSEC measures. 

(1) The appraisal may be as limited as a sim- 
ple desk top analysis in response to an operational 
planner's query, or as extensive as the formation 
of a multidiscipline appraisal team to support a 
contingency, exercise, or field test and evaluation 
event. 

(2) The appraisal may be conducted as a 
follow-up to an OPSEC survey, or it may provide 
a basis for initiating command or formal surveys. 

(3) Appraisal results are provided for timely 
action by the requesting organization. As in the 
case of the survey, the commander analyzes the 
effect of reported vulnerabilities and either takes 
active countermeasures or accepts the risks posed 
by the vulnerabilities. 

h. SdMaspecttoos: 
(1) The OPSEC officer conducts seif-inspec- 
tions to evaluate OPSEC program compliance 
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with directives. Attachment 2 is a checklist that 
can be used as a basis for amplifying directives of 
your higher headquarters. 

(2) Self-inspections do not analyze OPSEC 
postures but ensure that documentation of the 
program is completed and supporting activities are 
conducted. 
I. Other Forms of Assessment: 

(1 ) The results of the following examples can 
be used to evaluate OPSEC posture: 

(a) Operational Readiness Inspections. 

(b) Management Effectiveness Inspec- 
tions. 

(c) Defense Nuclear Agency Inspections. 

(d) Functional Management Inspections. 

(e) Exercises. 

(2) Other self-initiated efforts, such as desk 
top security audits and office security audits. 

18. Mission Risk Assessment. Risk is based on the 
comparison of known capabilities of the hostile 

BY ORDER OF THE SECRETARY OF THE AI R FORCE 



collector and your ability to deny information or 
plan for deception. Some indicators may not be 
denied or disguised and, as such, may give a hos- 
tile force a needed piece of information. The level 
of risk is determined by how extensive the infor- 
mation loss is and how important that informa- 
tion is to mission success. The organization com- 
mander compares known or suspected compro- 
mise of the operation with the priority of the 
mission. The commander may decide to proceed 
using alternative courses of action or accept infor- 
mation losses. 

19. Execute and Monitor the Operation. When 
the commander executes the plan or operation, 
OPSEC applications should be monitored to 
determine their effectiveness. 

20. Lessons Learned and Feedback. These 
OPSEC considerations should then be evaluated 
for use in future operations and plans. 
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ANNUAL OPSEC STATUS REPORT 



A 1-1. All MAJCOM, SOA and DRU will submit 
an annual OPSEC Status Report, 
RCS: HAF-XOE(A) 7106(DD), to HQ 
USAF/XOEO with an informative copy to HQ 
ESC/DOO no later than I September. The report 
should consist of command OPSEC activities, 
problem areas, and lessons learned over a period 
from 1 July of the previous year and close out on 
30 June of the year the report is due. 

A 1 -2. The report should not be limited to HQ ele- 
ment OPSEC activities but should also include 
noteworthy actions or problems of units within 
the command. In order lo prepare an effective an- 
nual OPSEC Status Report. MAJCOM, SOA, 
and DRU should supplement AFR 55-30 to 
require subordinate echelons to submit annual 
OPSEC reports in a timely manner to permit the 
inclusion of significant items in the command an- 
nual report. 

A 1-3. The annual OPSEC Status Report should 
also include a forecast of OPSEC initiatives for 



the next fiscal year. This forecast should consist of 
scheduled activities as well as recommendation for 
new initiative at either their level or Air Force- 
wide. 

A 1-4. The annual OPSEC report is submitted in 
the following format: 
a. Overview of command OPSEC program sta- 



tus, 
b. 
c. 
d. 
e. 
f. 



Training program activities. 

Summary of OPSEC activities. 

Problem areas and recommendations. 

Lessons learned. 

Forecast of OPSEC activities for the next 



reporting period. 

A 1-5. The annual OPSEC report is a formal 
opportunity to show what your command is doing 
in OPSEC and to make senior level authorities 
aware of specific problem areas. The report re- 
quires openness and candor to permit it to be a 
viable tool in the overall Air Force OPSEC 
program. 
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OPShC CHECKLIST 



1 . Has an OPSEC officer been appointed, in writ- 
ing, to act as the focal poini for ail OPSEC mat- 
ters? 

2. Is the unit OPSEC officer knowledgeable 
about OPSEC concepts, procedures, and objec- 
tives? 

3. Does the OPSEC officer have the required 
security clearances? 

4. Does everyone know who the OPSEC officer 
is? 

5. Has the name of the OPSEC officer been for- 
warded to higher headquarters? 

6. Is the OPSEC education and training program 
effective? 

7. Does the OPSEC program promote a clear un- 
derstanding of national, USAF, and MAJCOM 
concepts and objectives? 

8. Does the OPSEC program ensure the active 
participation and involvement of the entire staff? 

9. Are the OPSEC education and training publi- 
cations listed in AFR 55-30 and MAJCOM sup- 
plements thereto available? 

10. Are OPSEC education and training publica- 
tions disseminated to personnel with the appropri- 
ated security clearances? 

11. Does the OPSEC program include provisions 
for reviewing plans, OPORDS, directives, and 
procedures for potential sources of prior knowl- 
edge? 

12. Has appropriate liaison been established with 
host or tenant activities on OPSEC matters? 

1 3. Are OPSEC posters displayed in the most visi- 
ble areas? 

14. Are published OPSEC survey reports and 
studies reviewed for possible application of find- 
ings ("Lessons Learned") to local on-going or 
planned activities? 

15. Are the interrelationship of OPSEC, 
COMSEC, physical security, and administrative 



security programs clearly understood by unit per- 
sonnel? 

16. Has an OPSEC survey been conducted? If so. 
when? If not, has one been scheduled or request- 
ed? 

17. Have positive actions been taken to act on 
recommendations or to correct weaknesses and 
deficiencies noted in OPSEC survey? 

18. Has the OPSEC officer conducted recent self- 
evaluations for the following OPSEC indicators: 

a. Subverted military or civilian personnel? 

b. Published or posted unclassified informa- 
tion which is sensitive? 

c. Observable, unique indicators such as special 
paint or uniforms? 

d. Special field preparations, supply buildups? 

e. Project names, how are they used, with 
whom are they associated, and how are they 
communicated? 

19. Has the unit developed any special observable 
operational patterns: 

a. Stereotyped activity? 

b. Preparatory activity? 

c. increase or decrease of traffic flow and activ- 
ity such as communications and materials? 

20. Are all OPSEC recurring publications re- 
viewed to determine applicability of findings of 
OPSEC lessons learned? 

21. Do the OPSEC considerations for plans in- 
clude the following: 

a. Purpose and definition of OPSEC? 

b. Multidiscipline threat? 

c. Essential Elements of Friendly Information 
(EEFI)? 

22. Are contingency plans coordinated and dis- 
tributed only to activities that have a requirement? 

23. Are classified materials distributed in a man- 
ner that ensures adequate control? 

24. Do official and unofficial feedback publica- 
tions such as squadron, operations or flight news- 
letters contain sensitive or classified information? 
If so, are they protected? 

25. Do indexes for regulations, BOIs, DOIs, 
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MOis, etc., reveal sensitive operations or func- 



tions 



;t 



26. Do unclassified computer products disclose 
sensitive mission activity? 



27. Are ADP products protected and destroyed as 
classified waste after they have served their pur- 
pose? 
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